跨站点请求伪造
写一个过滤器,下面是doFilter方法,代码如下:
HttpServletRequest request = (HttpServletRequest)req;HttpServletRespone respone = (HttpServletRespone )res;httpSession session = (HttpSession) request.getSession();String referer = request.getHeader("Referer");String basePath = request.getContextPath();if (StringUtils.isEmpty(session.getAttribute("username"))){ if (request.getServletPath().indexOf("/loginExcute.xhtml") == -1) { req.getRequestDispatcher("/login.jsp").forword(req, respone); } else { if (refer != null && (referer.indexOf(basePath) != -1)) { chain.doFilter(req,res); } else { req.getRequestDispatcher("/login.jsp").forward(req,respone); } }}else{ if (referer == null && (request.getServletPath().indexOf() != -1)) { chain.doFiler(req, res); } else if (referer != null && (referer.indexOf(basePath) != -1)) { chain.doFilter(req, res); } else { req.getRequestDispatcher("/login.jsp").forward(req, res); }}